DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

MN: Delta Dental Disk with The Smile Center Patient Data on It Stolen Months Ago; No One Notified Patients?! (update1)

Posted on May 19, 2011 by Dissent

Patients at The Smile Center in St. Paul, Minnesota don’t have much to smile about this week. Bill Keller reports on another disturbing breach – one that reportedly occurred four months ago but victims are first being notified now:

Delta Dental is announcing that personal information used in a lawsuit between the company and a St. Paul dentist’s office is missing after a laptop used in the case by an expert witness was stolen from an office at the University of Minnesota.

Though the multi-million dollar suit was settled in April, a disk loaded with personal information is proving unsettling now that it could fall into the hands of identity thieves.

On Monday, Laurie Manke-Senne said she received a note from her dental insurance carrier notifying her that her personal information had been stolen.

“It’s unnerving because our personal information is out there,” she said. “It wasn’t encrypted.”

Delta Dental said it has taken steps to protect its clients from identity theft; however, when the computer disappeared, the state’s largest dental insurer said The Smile Center never told its patients their medical records had been compromised.

Neither Delta Dental nor The Smile Center would say how many people were affected by the theft, but the missing data includes patients at the St. Paul office who were insured by Delta between Jan. 1, 2003 and June 30, 2010.

The Smile Center’s other four offices were not affected.

In a statement, Delta Dental said it has “no indication that the information has been inappropriately accessed, misused or further disclosed.”

So far, it seems the target of the theft was the laptop alone — not the data, but that offers little comfort to those still at risk.

Source: Fox9

Fox9’s news coverage (see video below) indicates that the PHI on the stolen laptop included names, dates of birth, and Social Security numbers.

Not only did The Smile Center reportedly not inform their patients of the breach, but it seems that neither Delta Dental nor The Smile Center are taking full responsibility for the breach because the data were in the possession of a third party – an expert witness in the lawsuit. That said, Delta Dental is offering patients free credit monitor and credit restoration services.

So what will HHS do with this breach? Has anyone reported it to HHS yet? I expect that we will see this one on their breach tool but it will be quite a while before we see what, if anything, HHS/OCR does. This might be an appropriate incident to issue a fine for not notifying patients in a timely fashion.

Update 1: Delta Dental issued a statement. The statement indicates:

The disc contained the names, dates of births, Social Security numbers and limited dental claims data (dental codes, amounts paid, dentist ID numbers) for certain individuals covered by Delta Dental who were patients of The Smile Center dental clinics between January 1, 2003 and June 30, 2010. The disc also contained similar data for certain public programs enrollees, but did not contain Social Security numbers for those enrollees.

The statement seems to put the responsibility for notification on The Smile Center:

As part of a lawsuit between Delta Dental and The Smile Center dental clinics, Delta Dental was required to provide the disc containing the data to The Smile Center dental clinics, their law firm, and their expert witness. Delta Dental turned over the disc under the terms of a protective order entered by the court in the lawsuit. The Smile Center dental clinics, their law firm, and their expert witness were required by the court order to protect the disc and the data. At the time of the theft, the disc was in the custody and control of the expert witness for The Smile Center dental clinics at his University of Minnesota office.

In response to my tweet earlier today about how patients were not notified of the breach that Fox9 says occurred four months ago, @DeltaDentalMN tweeted:

@PogoWasRight False. Delta Dental notified ALL individuals whose Social Security numbers were on stolen disc. http://tinyurl.com/3myz3wn

I replied, asking them to confirm *when* the laptop was stolen and *when* they notified patients. If I get a response, I’ll update this entry.

Note that I did not and am not asserting that it was Delta Dental’s responsibility to notify the patients. My original point was that a breach seemingly happened and patients weren’t notified and someone should be held accountable for that – and nothing that I’ve read since my original post changes that opinion.

Related posts:

  • MN: Delta Dental Disk with The Smile Center Patient Data on It Stolen Months Ago; No One Notified Patients?! (update1)
  • Update: Details on the Delta Dental breach
  • Delta Dental says data breach exposed info of 7 million people
  • Dental Center of Northwest Ohio’s notifies patients after IT vendor Arakÿta experiences ransomware incident
Category: Breach IncidentsHealth DataOf NoteTheftU.S.

Post navigation

← MN: Delta Dental Disk with The Smile Center Patient Data on It Stolen Months Ago; No One Notified Patients?! (update1)
Federal lawsuit blames Michaels for PIN thefts →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.